-bash-4.2$ cat infraenv-ipam-reserve.yaml
# Tekton Task: for each machine listed in a rack object, verify or pick an
# address through the IPAM REST service and write it to
# /workspace/output/reserve_ipam/<machine>.ip.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: infraenv-ipam-reserve
spec:
  params:
    # Name of the rack object the script reads with `oc get rack`.
    - name: infra-env
      type: string
    # Namespace passed to `oc get rack -n`.
    - name: rack-ns
      type: string
      default: acm-config
      description: namespace of rackvars
  steps:
    # Params reach the script as environment variables instead of being
    # substituted into the script text, so a param value is never parsed as
    # Python source. The script must still treat both values as untrusted
    # when it builds commands from them.
    - env:
        - name: infra-env
          value: $(params.infra-env)
        - name: rack-ns
          value: $(params.rack-ns)
      # The tag is built from the version.openshift.io cluster claim by the
      # template expression (presumably rendered before the Task is applied;
      # confirm). NOTE(review): a tag is mutable; pinning the image by digest
      # would fix exactly which `oc`/`curl`/`python` binaries handle the
      # client key.
      image: artifactgeo.citigroup.net/docker-gcs-infra-local/redhat/openshift4:{{ fromClusterClaim "version.openshift.io" }}-x86_64-cli
      name: infraenv-ipam-reserve
      resources: {}
      # Inline Python program; it reads client.crt and client.key from
      # /opt/ipam-secret and calls `oc` and `curl`.
      script: |
        #!/usr/bin/env python
        import os
        import json
        import ipaddress
        import subprocess
        import socket

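        # initialize vars ##
        # Both Task params arrive as environment variables set on the step.
        infra_env = os.environ['infra-env']
        rack_ns = os.environ['rack-ns']

        # A leading '-' would make oc read the value as an option instead of a
        # name, and an empty value changes which objects are queried, so both
        # are refused before any command is built.
        for param_value in (infra_env, rack_ns):
            if not param_value or param_value.startswith('-'):
                print("ERROR: infra-env and rack-ns must be non-empty and must not start with '-'.")
                exit(1)

        def rack_spec_field(field):
            """Return the text `oc` prints for .spec.<field> of the rack object.

            Exits the script with status 1 when `oc` itself fails.
            """
            # The command is an argument list run without a shell, so shell
            # metacharacters in a param value stay inside a single argument.
            lookup = subprocess.run(
                ["oc", "get", "rack", infra_env, "-n", rack_ns,
                 "-o", "jsonpath={.spec.%s}" % field],
                stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
            if lookup.returncode != 0:
                print("ERROR: could not read %s from rack %s:" % (field, infra_env), lookup.stderr)
                exit(1)
            return lookup.stdout

        machines = json.loads(rack_spec_field("machines"))
        dns_domain = rack_spec_field("dns_domain")

        default_tims_rest_url = 'https://citidns.citi.net:7443/tims/rest'

        var_tims_rest_url = rack_spec_field("tims_rest_url")

        # The rack object may override the IPAM endpoint; otherwise the default is used.
        # NOTE(review): whoever can edit the rack object chooses the host that
        # receives the client-certificate-authenticated requests. Consider
        # accepting only https:// URLs from an allow-list.
        tims_rest_url = var_tims_rest_url or default_tims_rest_url

        subnet = rack_spec_field("subnet")

        # Client certificate and private key handed to curl for the IPAM calls.
        cert_path = "/opt/ipam-secret/client.crt"
        key_path = "/opt/ipam-secret/client.key"

        # One <machine>.ip file per machine is written here.
        directory_path = "/workspace/output/reserve_ipam"
        os.makedirs(directory_path, exist_ok=True)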

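        def fetch_free_ip():
            """Ask the IPAM service for the next free address in the rack subnet.

            Returns the address as text, or None when curl fails or the reply
            is not a valid IP address.
            """
            from urllib.parse import urlencode

            endpoint = "/object/getNextFreeIP"

            params = {
                "subnet_addr": subnet,
                "org_name": "EARTH",
                # Swaps the last character of the subnet text for "100".
                # NOTE(review): assumes the subnet address ends in a single "0"; confirm.
                "range_start_addr": f"{subnet[:-1]}100"
            }

            # urlencode() escapes '&', '=', '#' and whitespace, so a value read
            # from the rack object cannot add or alter query parameters.
            full_url = f"{tims_rest_url}{endpoint}?{urlencode(params)}"

            cmd = [
                "curl",
                # NOTE(review): --insecure disables verification of the server
                # certificate, so the IPAM host is not authenticated and its
                # replies could be altered in transit. Prefer
                # `--cacert <path-to-internal-CA-bundle>` and drop this flag.
                "--insecure",
                "--silent",
                "--request", "GET",
                "--cert", cert_path,
                "--key", key_path,
                full_url
            ]

            result = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
            if result.returncode != 0:
                print("Error:", result.stderr)
                return None

            # curl exits 0 on HTTP error responses as well (no --fail is given),
            # so the body is checked before it is written to disk and sent back
            # to the IPAM service as an address.
            # NOTE(review): assumes the endpoint replies with the bare address as text; confirm.
            free_ip = result.stdout.strip()
            try:
                ipaddress.ip_address(free_ip)
            except ValueError:
                print("Error: getNextFreeIP did not return an IP address:", free_ip[:200])
                return None
            return free_ip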

        def resolve_domain(fqdn):
            """Look up fqdn with the system resolver.

            Returns the IPv4 address as a string, or None when the lookup
            raises socket.gaierror.
            """
            address = None
            try:
                address = socket.gethostbyname(fqdn)
            except socket.gaierror:
                # A failed lookup is reported to the caller as None.
                pass
            return address

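        def check_ip_registration(ip, name):
            """Check that `ip` is not registered in IPAM under a different name.

            Returns True when the checkIP reply carries no name or carries
            `name`. Returns False when it carries another name, when curl
            fails, or when the reply cannot be interpreted (fail closed).
            """
            from urllib.parse import quote

            check_command = [
                "curl",
                # NOTE(review): --insecure disables verification of the server
                # certificate, so the answer this check relies on comes from an
                # unauthenticated host. Prefer
                # `--cacert <path-to-internal-CA-bundle>` and drop this flag.
                "--insecure",
                "--silent",
                "--request", "GET",
                "--cert", cert_path,
                "--key", key_path,
                # The address comes from the rack object; escaping keeps it a
                # single query value.
                f"{tims_rest_url}/object/checkIP?address={quote(str(ip), safe='')}"
            ]

            result = subprocess.run(check_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
            if result.returncode != 0:
                print("Error:", result.stderr)
                return False

            # curl exits 0 on HTTP error responses too, so the body may not be
            # the expected JSON object; treat that as "not verified".
            try:
                response_data = json.loads(result.stdout)
            except ValueError:
                print("Error: checkIP reply is not valid JSON.")
                return False
            if not isinstance(response_data, dict):
                print("Error: checkIP reply is not a JSON object.")
                return False

            registered_name = response_data.get("name")
            if registered_name and registered_name != name:
                return False
            return True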

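        # For every machine: settle on an address, record it in <name>.ip, and
        # register it in IPAM unless the hostname already resolves in DNS.
        for machine in machines:
            name = machine['name']
            host_ip = machine.get('host_ip', '')
            fqdn = "%s.%s" % (name, dns_domain)

            # The machine name becomes a file name, so a name containing a path
            # separator is refused rather than written outside directory_path.
            if os.path.basename(name) != name:
                print(f"ERROR: Machine name {name!r} is not usable as a file name.")
                exit(1)
            file_name = name + ".ip"
            file_path = "%s/%s" % (directory_path, file_name)

            if host_ip:
                # Address pinned in the rack object: it must not belong to another name.
                ip_address = host_ip
                if not check_ip_registration(ip_address, name):
                    print(f"ERROR: IP address {ip_address} is registered to a different object name.")
                    exit(1)
            else:
                ip_address = fetch_free_ip()
                # Without an address there is nothing to record or reserve.
                if not ip_address:
                    print(f"ERROR: No free IP address could be obtained for {name}.")
                    exit(1)

            resolved_ip = resolve_domain(fqdn)
            if resolved_ip:
                # NOTE(review): when host_ip is empty this comparison is always
                # unequal, so a machine without a pinned address stops here as
                # soon as its name resolves (for example on a re-run). That is
                # the fail-closed outcome; confirm it is the intended one.
                if resolved_ip != host_ip:
                    print(f"ERROR: Hostname {fqdn} resolved to a different IP address {resolved_ip} than {host_ip}.")
                    exit(1)
                print(f"INFO: {fqdn} resolved to IP: {resolved_ip}. Skipping new IP reservation.")
                with open(file_path, "w") as file:
                    file.write(resolved_ip)
                continue
            else:
                print(f"INFO: Hostname not found in DNS. Reserving {fqdn} to IP address: {ip_address}.")
                with open(file_path, "w") as file:
                    file.write(ip_address)

            request_data = {
                "address": ip_address,
                "organization_name": "EARTH",
                "domain_name": dns_domain,
                "subnet_address": subnet,
                "class_code": "Server",
                "alloc_type": 1,
                "update_ns_ptr": True,
                "dyn_update_rrs_a": True,
                "dyn_update_rrs_ptr": True,
                "dyn_update_rrs_cname": True,
                "dyn_update_rrs_mx": True,
                "ttl": 300,
                "name": name,
                "update_ns_a": True
            }

            headers = {
                "Content-Type": "application/json"
            }

            # Argument list, no shell: the JSON body carries values read from
            # the rack object (name, domain, subnet), and a quote character in
            # any of them must not be able to end the argument and start a
            # new command.
            curl_command = [
                "curl",
                # NOTE(review): --insecure disables verification of the server
                # certificate. Prefer `--cacert <path-to-internal-CA-bundle>`
                # and drop this flag.
                "--insecure",
                "-X", "POST",
                "-H", f"Content-Type: {headers['Content-Type']}",
                "--cert", cert_path,
                "--key", key_path,
                "-d", json.dumps(request_data),
                tims_rest_url + "/object/add"
            ]
            result_host_reserve = subprocess.run(curl_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)

            # NOTE(review): curl is not asked to print the HTTP status (there is
            # no --write-out), so this reads the last three characters of the
            # response body. Confirm the API ends its body with a status code.
            reply_tail = result_host_reserve.stdout.rstrip()[-3:]
            http_status_code = int(reply_tail) if reply_tail.isdigit() else None

            if http_status_code == 200:
                print(f"INFO: IP Reservation for {name} is Success \n")
            else:
                print(f"WARNING: IP Reservation for {name} failed with status code {http_status_code} \n {result_host_reserve.stderr}")
                exit(1)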
  # NOTE(review): as written, volumeMounts is a direct child of spec. Tekton
  # defines volumeMounts on a step (or stepTemplate), not on the Task spec, so
  # the step would not get /opt/ipam-secret and the client.crt/client.key
  # paths used by the script would be missing. Move this list under the step,
  # at the same indentation as its `script:` key; confirm against the
  # deployed file in case the indentation was lost when this was pasted.
  volumeMounts:
    - mountPath: /opt/ipam-secret
      name: ipam-secret
  # Secret expected to hold client.crt and client.key, the client certificate
  # and private key the script passes to curl.
  volumes:
    - name: ipam-secret
      secret:
        secretName: ipam-secret
  # The script writes its <machine>.ip files under /workspace/output.
  workspaces:
    - name: output
